In a new report, researchers at the University of Toronto’s Citizen Lab said the NSO Group, an Israeli spyware company, used what is known as a “zero-click exploit” to hack the iPhone of an unnamed Saudi activist and infect his device using its flagship “Pegasus” spyware program. Apple has released a software patch to fix a security vulnerability that researchers say could allow hackers to directly infect iPhones and other Apple devices without any involvement of the owner.
“Zero-click exploit” refers to the method of the attack which requires no engagement from the targeted user. Typically, cyberattacks involve a malicious link that users unknowingly click on, thus installing malware onto their system, which can then covertly usurp information or disrupt the victim’s network. In its “Forcedentry” attacks, which researchers said has been in use since February, NSO Group hackers were able to install Pegasus spyware onto target devices simply by sending a message or calling a phone — without any action from users themselves. In releasing its security patch on Monday, Apple credited Citizen Lab for helping it address the issue swiftly.
Here’s how to update your Apple devices to correct the security flaw.
iPhone, iPad or iPod Touch
- Plug in your device and make sure you’re connected to the internet.
- Go to Settings General, then tap Software Update.
- Tap “Install Now.” If you see “Download and Install” instead, tap it to download the update, enter your passcode, then tap “Install Now.”
Apple Watch
First, make sure that your Apple Watch is compatible with the latest software: watchOS 7 is compatible with Apple Watch Series 3 and later and Apple Watch SE. Upgrading to watchOS 7 requires an iPhone 6s or later running iOS 14 or later.
Next steps:
- Update your iPhone to the latest version of iOS.
- Make sure that your Apple Watch is at least 50 percent charged.
- Connect your iPhone to Wi-Fi.
- Keep your iPhone next to your Apple Watch, so that they’re in range.
It could take from several minutes to an hour for the update to complete. You might want to update overnight or wait until you have time.
To update your Apple Watch using your iPhone
When a new update is available, your Apple Watch notifies you. Tap Update Tonight in the notification, then go to your iPhone to confirm that you want to update overnight. At the end of the day, leave your Apple Watch and iPhone charging overnight so the update can complete.
To update directly on your Apple Watch
If your Apple Watch has watchOS 6 or later, you can install subsequent updates without your iPhone:
- Make sure that your watch is connected to Wi-Fi.
- On your watch, open the Settings app.
- Tap General Software Update.
- Tap Install if a software update is available, then follow the onscreen instructions.
Apple TV
To Update Apple TV 4K or Apple TV HD
- Go to Settings System Software Updates and select Update Software.
- If there’s an update, select Download and Install.
- Wait for your Apple TV to download the update. Don’t disconnect or unplug your Apple TV until the update completes.
After the update downloads, your Apple TV will restart, prepare the update, then install it. When the update is complete, your Apple TV will automatically restart again.
To update Apple TV (3rd generation)
- Go to Settings General Software Updates and select Update Software.
- If there’s an update, download and install it.
- Wait for your Apple TV to download the update. Don’t disconnect or unplug your Apple TV until the update completes.
Mac
- From the Apple menu in the corner of your screen, choose System Preferences.
- Click “Software Update.””
- Click “Update Now” or “Upgrade Now:”
- “Update Now” installs the latest updates for the currently installed version. Learn about macOS Big Sur updates, for example.
- “Upgrade Now” installs a major new version with a new name, such as macOS Big Sur.